And yes, Objective-See's free, open-source tools (objective-see.com/products.html) have no problem detecting & thwarting this malware, even with no a priori knowledge of this threat! 😇
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The majority of Mac infections are "user-assisted", which Apple combats via:
✅Notarization
✅Gatekeeper
✅File Quarantine
...these have proven problematic for attackers
But oops, this bug sidesteps all, allowing unsigned (unnotarized) items to be launched ...with no alerts!😭
Q: Can our free open-source tools protect you ...with no a priori knowledge of this insidious threat?
When the malicious script in the infected Xcode project is executed and attempts to connect to the attacker's remote C&C server for tasking (via /bin/bash), LuLu will intercept this, and alert you:
If we allow the malicious payload (EggShell), to be downloaded from the server ....when it attempts to persistently install itself as a Launch Agent, BlockBlock will alert you: